Mozilla Foundation Security Advisory 2014-01

Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

Announced

February 4, 2014

Reporter

Mozilla Developers

Impact

Critical

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird

Fixed in

Firefox 27

Firefox ESR 24.3

SeaMonkey 2.24

Thunderbird 24.3

Description

Mozilla developers and community identified identified and fixed several
memory safety bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.

In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.